Alert Logic® Log Manager™ has several different collection methods available for use in customer environments. The following methods are the primary means of deployment:
- Agent: The Alert Logic agent is a lightweight install available for Windows and Linux machines. It takes a copy of the Windows Event logs or syslog files, and then compresses and encrypts them before sending them back to Alert Logic.
- Remote Collector: The remote collector is a slightly more robust implementation of the Alert Logic agent. The remote collector installs on a Windows or Linux machine and serves as an endpoint for forwarded syslog messages. Common use cases include collecting logs from routers, switches, firewalls, and any other network devices that do not support agent installation. All collected logs are compressed and encrypted before being sent back to Alert Logic.
- Virtual Appliance: The virtual appliance is supplied to customers as a VMware OVA file downloaded through the Alert Logic console. Once set up, it can serve as a syslog collector similar to the remote collector. It can also serve as a single point of egress for the Alert Logic agent, allowing for a single consolidated outgoing log message feed as opposed to each individual agent reaching out on its own. All collected logs are compressed and encrypted before being sent back to Alert Logic.
- Physical Appliance: The physical appliance is supplied to customers by Alert Logic. Physical appliances are similar to the virtual appliances in function, but also allow for Windows Event Log collection without the Alert Logic agent. All collected logs are compressed and encrypted before being sent back to Alert Logic.
- AWS S3: Alert Logic supports collecting logs from Amazon S3 buckets. We have parsers in place today for many popular log types (CloudTrail, CloudWatch, RDS, etc.). If you are able to publish the logs to an S3 bucket, Alert Logic is able to collect them.